Regular Jenkins maintenance is necessary to ensure security patches are up to date.
Follow these steps to update Jenkins:
Notify community that maintenance is about to begin
Put Jenkins into Shutdown mode (https://jenkins.example.org/quietDown)
yum update -y --exclude=jenkins (Do this step while waiting for jobs to clear in shutdown mode.)
yum update -y
Update Jenkins plugins via Manage Jenkins > Manage Plugins
Ensure that you click “Download now and install after restart” but DO NOT check the “Restart Jenkins when installation is complete and no jobs are running” option.
Restart the server itself
Remove Shutdown mode from Jenkins (https://jenkins.example.org/cancelQuietDown)
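The first steps of the procedure above as a script that refuses to update the Jenkins package until shutdown mode is active and no executor is busy. This is an added example, not part of the original page; it assumes API-token authentication through the hypothetical environment variables JENKINS_USER and JENKINS_TOKEN, and the helper names are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Assumes JENKINS_USER and
# JENKINS_TOKEN (an API token) are exported; helper names are illustrative.
set -u
JENKINS_URL="${JENKINS_URL:-https://jenkins.example.org}"

# Call the Jenkins REST API: $1 = HTTP method, $2 = path.
jenkins_api() {
  curl -fsS -X "$1" -u "${JENKINS_USER}:${JENKINS_TOKEN}" "${JENKINS_URL}$2"
}

# Print the value of one numeric/boolean field ($1) from JSON on stdin.
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\([a-z0-9]*\).*/\1/p"
}

# Succeed only if Jenkins is in shutdown (quiet-down) mode AND no executor is busy.
safe_to_update() {
  _quiet=$(jenkins_api GET '/api/json?tree=quietingDown' | json_field quietingDown)
  _busy=$(jenkins_api GET '/computer/api/json?tree=busyExecutors' | json_field busyExecutors)
  [ "$_quiet" = "true" ] && [ "$_busy" = "0" ]
}

# Poll safe_to_update up to $1 times, $2 seconds apart.
wait_for_idle() {
  _i=0
  while [ "$_i" -lt "$1" ]; do
    safe_to_update && return 0
    sleep "$2"
    _i=$((_i + 1))
  done
  return 1
}

main() {
  jenkins_api POST /quietDown >/dev/null || return 1
  yum update -y --exclude=jenkins || return 1   # OS packages while jobs drain
  wait_for_idle 120 30 || { echo "jobs still running, Jenkins not updated" >&2; return 1; }
  yum update -y || return 1                     # now includes the jenkins package
  echo "Next: update plugins in the UI, restart the server, then cancelQuietDown"
}

# Run the procedure only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with --run as root on the Jenkins host. If an API call fails, the parsed field is empty and the gate stays closed.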
Jenkins requires admin-level configuration to work with GitHub.
Create a GitHub account for Jenkins to use
The user needs to have Full Admin access to the GitHub Organization that Jenkins will manage, so that Jenkins can automatically manage the hooks.
Under GitHub Servers, click Advanced > Manage GitHub actions > Convert login and password to token
Select “From login and password” and enter the github-jenkins account details
Click Create token credentials
Under GitHub Servers, click Add GitHub Server and configure the following:
Name: <Leave blank>
API URL: https://api.github.com
Credentials: <Auto-generated token>
Manage hooks: true
GitHub client cache size (MB): 20
Re-register hooks for all jobs
Security recommendations for Jenkins.
Install the OWASP Markup Formatter Plugin
Navigate to https://jenkins.example.org/configureSecurity/
Configure the following:
Default Crumb Issuer
Agent -> Master Access Control
JNLP Protocol 1 - 3
JNLP Protocol 4